CWE-502
Medium likelihood
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
2,829 vulnerabilities with CWE-502
CVE-2024-4471
HIGH
The 140+ Widgets | Best Addons For Elementor - FREE for WordPress <...
CVSS 8.0
CVE-2024-4157
HIGH
Fluent Forms <= 5.1.15 - Authenticated PHP Object Injection
CVSS 7.5
CVE-2024-34274
LOW
OpenBD 20210306203917-6cbe797 - Remote Code Execution via Cookie Deserialization
CVSS 3.9
CVE-2024-31879
HIGH
IBM i 7.2-7.4 - Remote Code Execution via Untrusted Data Deserialization
CVSS 7.5
CVE-2024-34997
HIGH
joblib v1.4.2 - Deserialization of Untrusted Data via NumpyArrayWrapper
CVSS 7.5
CVE-2024-4733
HIGH
ShiftController Employee Shift Scheduling <4.9.57 - Code Injection
CVSS 7.5
CVE-2024-34751
MEDIUM
WebToffee Order Export & Order Import for WooCommerce <2.4.9 - Dese...
CVSS 4.4
CVE-2024-4838
HIGH
ConvertPlus 3.5.26 - Code Injection
CVSS 7.5
CVE-2024-4200
HIGH
Telerik Reporting <2024 Q2 - Code Injection
CVSS 7.7
CVE-2024-3967
HIGH
OpenText iManager <3.2.6.0200 - RCE
CVSS 7.6
CVE-2024-3483
HIGH
OpenText iManager 3.0-3.2.6 - Remote Code Execution via Insecure Deserialization
CVSS 7.8
CVE-2024-30044
HIGH
Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization
CVSS 7.2
CVE-2024-30042
HIGH
Microsoft Excel - Remote Code Execution via Untrusted Data Deserialization
CVSS 7.8
CVE-2024-4699
MEDIUM
D-Link DAR-8000-10 Firmware < 20230922 - Remote Code Execution via /importhtml.php SQL Parameter Deserialization
CVSS 6.3
CVE-2024-4606
MEDIUM
BdThemes Ultimate Store Kit Elementor Addons <2.0.3 - Deserialization
CVSS 5.4
CVE-2024-4413
CRITICAL
Hotel Booking Lite <4.11.1 - Code Injection
CVSS 9.8
CVE-2024-4044
HIGH
NI FlexLogger <2024 Q1 - Code Injection
CVSS 7.8
CVE-2024-3954
HIGH
Ditty <= 3.1.38 - Authenticated PHP Object Injection
CVSS 8.8
CVE-2024-3070
CRITICAL
WPBeginner Last Viewed Posts <1.0.0 - Code Injection
CVSS 9.8
CVE-2024-34433
MEDIUM
OCDI One Click Demo Import <3.2.0 - Use After Free
CVSS 4.4
CVE-2024-2290
HIGH
Advanced Ads <1.52.1 - Code Injection
CVSS 7.2
CVE-2024-29800
HIGH
Timber < 1.23.0 - Deserialization of Untrusted Data
CVSS 8.0
CVE-2024-29212
CRITICAL
Veeam Service Provider Console - RCE
CVSS 9.9
CVE-2024-28075
CRITICAL
SolarWinds Access Rights Manager < 2023.2.4 - Authenticated Remote Code Execution via Deserialization
CVSS 9.0
CVE-2024-27281
MEDIUM
RDoc <6.6.2 - Remote Code Execution
CVSS 4.5
Details
Vulnerabilities: 2,829
Exploit Likelihood: Medium